projects / feed / packages.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge pull request #16174 from neheb/Gf
[feed/packages.git] / net / travelmate / files / travelmate.vpn
1 #!/bin/sh
2 # vpn switch for travelmate
3 # Copyright (c) 2020-2021 Dirk Brenken (dev@brenken.org)
4 # This is free software, licensed under the GNU General Public License v3.
5
6 # set (s)hellcheck exceptions
7 # shellcheck disable=1091,3040,3043
8
9 # Please note: you have to setup the package 'wireguard' or 'openvpn' before using this script
10
11 export LC_ALL=C
12 export PATH="/usr/sbin:/usr/bin:/sbin:/bin"
13 set -o pipefail
14
15 # source function library if necessary
16 #
17 if [ -z "${_C}" ]; then
18 . "/lib/functions.sh"
19 fi
20
21 vpn_action="${1}"
22 trm_vpnservice="$(uci_get travelmate global trm_vpnservice)"
23 trm_vpniface="$(uci_get travelmate global trm_vpniface)"
24 trm_landevice="$(uci_get travelmate global trm_landevice)"
25 trm_maxwait="$(uci_get travelmate global trm_maxwait "30")"
26 trm_captiveurl="$(uci_get travelmate global trm_captiveurl "http://detectportal.firefox.com")"
27 trm_useragent="$(uci_get travelmate global trm_useragent "Mozilla/5.0 (Linux x86_64; rv:90.0) Gecko/20100101 Firefox/90.0")"
28 trm_iptrule_accept="FORWARD -i ${trm_landevice} -p tcp --match multiport --dports 80,443 -j ACCEPT"
29 trm_iptrule_drop="FORWARD -i ${trm_landevice} -j DROP"
30 trm_iptables="$(command -v iptables)"
31 trm_logger="$(command -v logger)"
32 trm_fetch="$(command -v curl)"
33
34 f_net()
35 {
36 local IFS json_rc result="net nok"
37
38 json_rc="$(${trm_fetch} --user-agent "${trm_useragent}" --referer "http://www.example.com" --connect-timeout $((trm_maxwait / 10)) --header "Cache-Control: no-cache, no-store, must-revalidate" --header "Pragma: no-cache" --header "Expires: 0" --write-out "%{response_code}" --silent --show-error --output /dev/null "${trm_captiveurl}")"
39 if [ "${json_rc}" = "200" ] || [ "${json_rc}" = "204" ]; then
40 result="net ok"
41 fi
42 printf "%s" "${result}"
43 }
44
45 if [ -n "${trm_vpnservice}" ] && [ -n "${trm_vpniface}" ] && [ -n "${trm_landevice}" ] && [ -f "/tmp/trm_runtime.json" ]; then
46 status="$(jsonfilter -i "/tmp/trm_runtime.json" -l1 -e '@.data.travelmate_status' 2>/dev/null)"
47 vpn_status="$(ubus -S call network.interface."${trm_vpniface}" status 2>/dev/null | jsonfilter -l1 -e '@.up')"
48 if [ "${vpn_action}" = "disable" ] && [ "${vpn_status}" = "true" ]; then
49 if [ -n "$("${trm_iptables}" "-w $((trm_maxwait / 6))" -C "${trm_iptrule_drop}" 2>&1)" ] &&
50 [ -n "$("${trm_iptables}" "-w $((trm_maxwait / 6))" -C "${trm_iptrule_accept}" 2>&1)" ]; then
51 "${trm_iptables}" "-w $((trm_maxwait / 6))" -I "${trm_iptrule_drop}" 2>&1
52 "${trm_logger}" -p "info" -t "trm-vpn [${$}]" "lan forward blocked for device '${trm_landevice}'" 2>/dev/null
53 fi
54 fi
55 if [ "${vpn_action}" = "disable" ] && [ "${status%% (net cp *}" = "connected" ]; then
56 if [ -n "$("${trm_iptables}" "-w $((trm_maxwait / 6))" -C "${trm_iptrule_accept}" 2>&1)" ] &&
57 [ -z "$("${trm_iptables}" "-w $((trm_maxwait / 6))" -C "${trm_iptrule_drop}" 2>&1)" ]; then
58 "${trm_iptables}" "-w $((trm_maxwait / 6))" -I "${trm_iptrule_accept}" 2>&1
59 "${trm_logger}" -p "info" -t "trm-vpn [${$}]" "lan forward on ports 80/443 freed for device '${trm_landevice}'" 2>/dev/null
60 fi
61 fi
62
63 case "${trm_vpnservice}" in
64 "wireguard")
65 if [ "${vpn_action}" = "enable" ] && [ "${vpn_status}" != "true" ]; then
66 ubus call network.interface."${trm_vpniface}" up
67 elif [ "${vpn_action}" = "disable" ] && [ "${vpn_status}" = "true" ]; then
68 ubus call network.interface."${trm_vpniface}" down
69 "${trm_logger}" -p "info" -t "trm-vpn [${$}]" "${trm_vpnservice} client connection disabled" 2>/dev/null
70 fi
71 ;;
72 "openvpn")
73 if [ "${vpn_action}" = "enable" ] && [ "${vpn_status}" != "true" ]; then
74 ubus call network.interface."${trm_vpniface}" up
75 /etc/init.d/openvpn restart >/dev/null 2>&1
76 elif [ "${vpn_action}" = "disable" ] && [ "${vpn_status}" = "true" ]; then
77 ubus call network.interface."${trm_vpniface}" down
78 /etc/init.d/openvpn stop >/dev/null 2>&1
79 "${trm_logger}" -p "info" -t "trm-vpn [${$}]" "${trm_vpnservice} client connection disabled" 2>/dev/null
80 fi
81 ;;
82 esac
83
84 if [ "${vpn_action}" = "enable" ] && [ "${vpn_status}" != "true" ]; then
85 cnt=0
86 while true; do
87 vpn_status="$(ubus -S call network.interface."${trm_vpniface}" status 2>/dev/null | jsonfilter -l1 -e '@.up')"
88 if [ "${vpn_status}" = "true" ]; then
89 net_status="$(f_net)"
90 if [ "${net_status}" = "net ok" ]; then
91 "${trm_logger}" -p "info" -t "trm-vpn [${$}]" "${trm_vpnservice} client connection enabled" 2>/dev/null
92 if [ -z "$("${trm_iptables}" "-w $((trm_maxwait / 6))" -C "${trm_iptrule_drop}" 2>&1)" ]; then
93 "${trm_iptables}" "-w $((trm_maxwait / 6))" -D "${trm_iptrule_drop}" 2>&1
94 if [ -z "$("${trm_iptables}" "-w $((trm_maxwait / 6))" -C "${trm_iptrule_accept}" 2>&1)" ]; then
95 "${trm_iptables}" "-w $((trm_maxwait / 6))" -D "${trm_iptrule_accept}" 2>&1
96 fi
97 "${trm_logger}" -p "info" -t "trm-vpn [${$}]" "lan forward freed for device '${trm_landevice}'" 2>/dev/null
98 fi
99 break
100 fi
101 fi
102 if [ "${cnt}" -ge "$((trm_maxwait / 6))" ]; then
103 "${trm_logger}" -p "info" -t "trm-vpn [${$}]" "${trm_vpnservice} restart failed, lan forward for device '${trm_landevice}' still blocked" 2>/dev/null
104 ubus call network.interface."${trm_vpniface}" down
105 exit 2
106 fi
107 sleep 1
108 cnt="$((cnt + 1))"
109 done
110 fi
111 if [ "${vpn_action}" = "enable" ] && [ "${vpn_status}" = "true" ]; then
112 if [ -f "/etc/init.d/sysntpd" ]; then
113 /etc/init.d/sysntpd restart >/dev/null 2>&1
114 fi
115 fi
116 exit 0
117 fi
118 exit 1
Mirror of packages feed